HP Procurve NPS RADIUS Attributes For Manager and Operator

 
SOLVED
Usaia Tawakevou
Valued Contributor

HP Procurve NPS RADIUS Attributes For Manager and Operator

Hi,

Got a multivendor network environment with HP/Aruba ProCurves ranging from 3800, 2900, 2800, 2500 as our access switches. I've got authentication working with my Ciscos with proper attributes set up on two of my network policies in NPS (Win 2K8 Server R2 Enterprise) for network admins and operators. I'm testing it out now on my HP3800 and it works with authentication and enable access, but I want the MANAGER access to be from my network admin network policy and OPERATOR access to be via the network operator network policy. Don't want to add more policies, but just to use the two (admin and operator) and just tweak the vendor-specific attribute on the NPS network policy so when an administrator logs in he/she logs in as MANAGER and when a helpdesk staff logs in he/she logs in as an OPERATOR.

Any help will be really appreciated.

Thanks 

2 REPLIES
Usaia Tawakevou
Valued Contributor

Re: HP Procurve NPS RADIUS Attributes For Manager and Operator

Anyone out there who can help out?

Usaia Tawakevou
Valued Contributor
Solution

Re: HP Procurve NPS RADIUS Attributes For Manager and Operator

Did some more reading and research and I managed to find a solution. This is what I did, if someone is out there looking for a solution.

On NPS, with my current network policies (2) for net-admin and net-operator, I added Service-Type in the Standard RADIUS Attributes on both my network policies, with the net-admin policy using the Administrative value and my net-operator policy using NAS Prompt as the value. Noting that I want only two network policies to take care of my Cisco and HP ProCurve access. See the attached file for the settings of both network policies.

On my switch this is the RADIUS/AAA configuration

radius-server host x.x.x.x
radius-server dead-time 5
radius-server key xxxxx
radius-server timeout 5


aaa authentication login privilege-mode - Once authenticated, go straight to privilege/enable mode
aaa authentication console login radius local - Set the console login order to Radius then Local
aaa authentication console enable radius local - Set the console enable authentication order to Radius then Local
aaa authentication ssh login radius local - Set the SSH login order to Radius then Local
aaa authentication ssh enable radius local - Set the SSH login order to Radius then Local
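
Added example, not part of the original post or of HP's or Microsoft's code: a small Python check that parses a RADIUS reply in the RFC 2865 wire layout and reports which level the Service-Type mapping described above implies (Administrative for manager, NAS Prompt for operator), useful for confirming what each NPS policy actually returns. The function names and the sample packets are constructed for illustration, and the Response Authenticator is assumed to be verified elsewhere.

```python
import struct

ACCESS_ACCEPT = 2                   # RADIUS packet code (RFC 2865)
SERVICE_TYPE = 6                    # attribute number of Service-Type
ADMINISTRATIVE, NAS_PROMPT = 6, 7   # Service-Type values (RFC 2865)

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: [raw values]} from one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs

def expected_privilege(packet: bytes) -> str:
    """Level implied by the post: Administrative -> manager, NAS Prompt -> operator."""
    attrs = parse_attributes(packet)
    if packet[0] != ACCESS_ACCEPT:
        return "denied"
    values = attrs.get(SERVICE_TYPE, [])
    if len(values) != 1 or len(values[0]) != 4:
        return "unspecified"        # no claim about what the switch does here
    service_type = struct.unpack("!I", values[0])[0]
    return {ADMINISTRATIVE: "manager", NAS_PROMPT: "operator"}.get(service_type, "unspecified")

def sample_accept(service_type: int, code: int = ACCESS_ACCEPT) -> bytes:
    """Constructed test packet: zeroed authenticator, one Service-Type attribute."""
    attr = struct.pack("!BBI", SERVICE_TYPE, 6, service_type)
    return struct.pack("!BBH", code, 1, 20 + len(attr)) + bytes(16) + attr

if __name__ == "__main__":
    for name, value in (("net-admin", ADMINISTRATIVE), ("net-operator", NAS_PROMPT)):
        print(name, "->", expected_privilege(sample_accept(value)))
```

A policy that returns any other Service-Type, or none, shows up as "unspecified", which is the case to investigate before relying on the two-policy setup.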